Privacy Policy

Effective: July 2022


This is the Privacy Policy of HEXCOM Limited, located in New Zealand (“HEXCOM”).

Data controllers that are part of a group of undertakings or institutions affiliated to a central body have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ personal data. The Group utilized various centrally managed information technology systems and solutions.

Where legal entities within the Group jointly determine the purpose and means of data processing their respective responsibilities as joint controllers for compliance with the obligations under the respective data privacy laws, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to (for example: in Articles 13 and 14 of the GDPR) are regulated by means of an intra-group data processing contract. Summary of such an arrangement may be provided to you by way of a written request sent to

Where this Privacy Policy refers to “HEXCOM”, “we”, “us” or “our”, it is referring to the relevant Group entity.

This Privacy Policy sets out how we collect and process your personal data.

This Privacy Policy relates to personal data that identifies “you”, meaning (a) customers or potential customers, (b) individuals who browse our website (including, but not limited to, individuals who (1) register on our website to attend seminars and other events offered through our website, (2) provide personal data on our website in connection with inquiries about our products and services, or (3) download product documentation or other resources via our website), (c) suppliers, or (d) individuals outside our organization with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies.

We refer to personal information throughout this Privacy Policy as “personal data” and Section 3 sets out further detail of what this includes.

Please read this Privacy Policy to understand how we may use your personal data.

This Privacy Policy is not intended for children and we do not knowingly collect personal data relating to children. If you are under 16, do not provide any personal data to us or otherwise provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please notify us at

This Privacy Policy may vary from time to time so please check it regularly. In that case, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy policy will apply to you and your data immediately. If these changes affect how your personal data is processed, Loftware will take reasonable steps to let you know.


For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Policy.

If you wish to correct your personal data held by us, please contact us at

You may also opt-out of receiving marketing communications from us or alter your marketing preferences by sending us an email to, or by unsubscribing through the “unsubscribe” or “opt out” link in any marketing email.

If you need to contact us in connection with our use or processing of your personal data, or gain access to it, you can email us at


HEXCOM processes various types of personal data about the people we interact with when conducting our business or operating our various web presences and other communication channels.

Depending on the individual case, this may comprise the following types of personal data:

Contact Data

HEXCOM the following categories of personal data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers.

Personal data related to the business relationship with HEXCOM

In the context of established business relationships, HEXCOM processes the business partners company name, industry, your job title and role, department and function and your company’s relationship history to HEXCOM. If you provide a credit card number or bank details to order products or services, HEXCOM will collect this information to process your payment for the requested products or services.

Compliance related personal data

If required by statutory law or regulation, HEXCOM may process data categories like date of birth, academic credentials, identity cards or other ID numbers, geolocation, business partner relevant information about e.g., significant litigation or other legal proceedings, and other export control or custom compliance relevant information.

Data generated through your use of, or participation in, HEXCOM’s internet pages, web, or online offerings

Usage data

HEXCOM processes certain user related information, e.g., info regarding your browser, operating system, or your IP address when you visit HEXCOM’s web properties. We also process information regarding your use of our web-offerings, like the pages you visit, the amount of time you spend on a page, the page which has referred you to our page and the links on our sites you select.

Registration data

HEXCOM may process your contact data as set out above and other information which you may provide directly to HEXCOM if you register for any of HEXCOM’s events or other web services.

Participation data

When you participate in webinars, virtual seminars, events, or other HEXCOM web services, HEXCOM may process your interactions with the relevant webservice to organise the event including its sessions, polls, surveys, or other interactions between HEXCOM and/or its participants. Depending on the event and subject to a respective notification of the participants, HEXCOM may collect audio and video recordings of the event or session.

Personal data necessary for customer satisfaction

To the extent permitted by law or based on your consent, HEXCOM may combine the information we collect either directly or indirectly about specific users to ensure the completeness and correctness of the data and to help us better tailor our interactions with you and determine the information which best serves your respective interest or demand.

We may also create personal data about you. For example, if you contact us by telephone to make a complaint about our services or products, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.

We may also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate certain information technology-related data of yours with others’ data to calculate the percentage of users accessing a specific feature on our website. We may use Aggregated Data for any purpose without restriction.  However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not sell your personal data.  


We obtain your personal data from the following sources:

Directly from you, either in person (at our locations or otherwise), via our website, by email, or by telephone or via handheld devices. This could include personal data which you provide when you:

(a)            place an order for our products or services;

(b)            request HEXCOM documentation from our website or our partners’ websites;

(c)            subscribe to our publications;

(d)            request information on our products or services or for other marketing to be sent to you;

(e)            enter into a competition or promotion;

(f)             complete a survey from us or give us feedback;

(g)            register to attend our seminars or events; or

(h)            download our product documentation or other resources available on our website or app.

We may automatically collect certain personal data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. Please see Section 15 for further details.

Third parties, such as:

(a)            analytics providers.

(b)            survey providers.

(c)            advertising networks.

(d)            search information providers;

(e)            providers of technical, payment and delivery services.

(f)             data brokers or aggregators.

(g)            content providers.

(h)            providers of social media platforms.

(i)              Vimeo and Youtube; and

(j)              third-party syndication and media partners.


a)  Where we are relying on a basis other than consent

We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data and a legal base:

Purposes for which we process your personal dataThe basis on which we can do this (this is what the law allows)
To register you or your company as a new customer and process your order.The processing is necessary: To perform a contract with you; and our legitimate interest in the provision of products and services to our guests.
In order to perform our contractual obligations to you. This would include: Processing, providing and performing any products, services or other orders placed by you; orders placed by us where you are a supplier; making or receiving payments, fees and charges; and collecting and recovering money owed.The processing is necessary: To perform any contract entered into with you; and our legitimate interest in recovering debts owed to us.
In order to manage our relationship with you, including: to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Policy);to provide you with important real-time information about products or services you have ordered from us (e.g., a change of time or location due to unforeseen circumstances);to send you information you have requested; to deal with your inquiries; and to ask you to provide a review or feedback on us.The processing is necessary for our legitimate interest to promote our business.
In order to make suggestions and recommendations to you about products or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising.The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy.
For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, for internal research, technological demonstration and development, and to help HEXCOM create, develop, operate, deliver, improve, upgrade or enhance HEXCOM products and services, marketing, customer relationships and experiences.The processing is necessary for our legitimate interests in defining types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To communicate with you about, and administer your participation in, seminars and other special events, programs, and promotions.The processing is necessary: For performance of a contract with you; and necessary for our legitimate interests to promote our business.
To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.The processing is necessary for our legitimate interests in the sale or disposal of our business or assets.
In order to enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties. To ensure compliance with statutory obligations. HEXCOM processes your personal data for the purpose of ensuring an adequate level of technical and organizational security of HEXCOM’s products, services, online events, facilities, and premises. For this, HEXCOM will take the measures necessary to verify or maintain the quality and safety of a product or service which is owned, manufactured by or for, or controlled by HEXCOM. This may comprise the use of personal data for sufficient identification and authorization of designated users, internal quality control through auditing, analysis, and research, debugging to identify and repair errors that impair existing or intended functionality, account and network security, replication for loss prevention, detecting security incidents, protection against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for such kind of activity. We may further process your name, likeness, and other contact or compliance related data when you visit a Group entity in the context of access management and video surveillance to protect the security and safety of our locations and assets. The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us. The processing is necessary for our legitimate interests of ensuring HEXCOM’s compliance with relevant laws and regulations. The processing is necessary for our legitimate interests in protecting our business and property

Where we refer above to GDPR Article 6.1 (f) and consequently HEXCOM’s legitimate business interest as our legal permission to process your personal data, HEXCOM is pursuing its legitimate business interests:

  • to efficiently manage and perform its business operations,
  • to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of our employees, customers, partners, and shareholders,
  • to operate sustainable business relationships with HEXCOM customers and partners including you (each of which as further set out below),
  • serve you with the best possible user experience when using HEXCOM’s web services,
  • comply with extraterritorial laws and regulations, or
  • assert or defend itself against legal claims.

We believe that our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain from processing. In any of these cases, we duly factor into our balancing test:

  • the business purpose reasonably pursued by HEXCOM in the given case,
  • the categories, amount and sensitivity of personal data that is necessarily being processed
  • the level of protection of your personal data which is ensured by means of our general data protection policies, guidelines, and processes,
  • and the rights you have in relation to the processing activity.

If you wish to obtain further information on this approach, please contact us at

When ensuring compliance with applicable laws and regulations, Group entity may process your Personal data based on:

  • GDPR Article 6.1 (c) if necessary, to fulfill legal requirements under European Union or EU Member State law to which HEXCOM is subject,
  • GDPR Article 6.1 (f) if necessary, to fulfill laws and regulations extraterritorial to the EU (legitimate interest to comply with extraterritorial laws and regulations),
  • or the equivalent articles under other national laws, when applicable.

When tracking and evaluating the usage behavior of users of our web services by means of cookies or similar technologies, HEXCOM is processing your personal data on the basis of the following legal permissions:

  • GDPR Article 6.1 (a) if it is necessary that we ask you for your consent to process your personal data,
  • GDPR Article 6.1 (b) if necessary to fulfill (pre-)contractual obligations with you,
  • GDPR Article 6.1 (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage HEXCOM’s business operation),
  • or equivalent legal permissions under other relevant national laws, when applicable.

b)  Where we may rely on consent

 We may use your personal data for a variety of different purposes. For certain of these purposes it is appropriate for us to obtain your prior consent. These purposes include:

where we would like to use photos or images taken of you in promotional materials; 
where we or our carefully selected third parties have new products and services which we think you will be interested in; or
where an opportunity arises to work for or with us.
The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

You may at any time withdraw the specific consent you give to our processing your personal data by sending us an email to      

Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.


Your personal data may be passed on to the following categories of third parties:

Third party service providers

HEXCOM may engage third party service providers to process personal data on HEXCOM’s behalf, e.g., for consulting or other services, marketing and advertising platforms, and data analytics platforms, other IT infrastructure, IT services, the provision of the website, the fulfillment and provisioning of offers from HEXCOM or newsletter dispatch. These service providers may receive or are granted with access to personal data when rendering their services and will constitute recipients within the meaning of the relevant data privacy law, including GDPR.

HEXCOM partners

HEXCOM may share your personal data with designated partner companies to provide you the product or service you have requested.


If you provide personal data to us about someone else (such as one of your directors, officers or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy.

You must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.


It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.


It is possible that personal data we collect from you may be transferred, stored and/or processed outside the country or area in which it was collected (e.g., transferred from the European Economic Area to the United States, and stored and processed in the United States).

In connection with such transfers the relevant safeguard in place are the standard data protection contractual clauses between us and the recipient a copy (redacted to remove commercial or irrelevant information) can be obtained by emailing us at You may also obtain more information from the European Commission on the international dimension of data protection here.


HEXCOM will store your personal data taking into account the following:

  • the purpose(s) for which we are processing your personal data, such as whether it is necessary to continue to store that data in order to continue to perform our obligations under a contract with you or for our legitimate interests;
  • whether we have any legal obligation to continue to process your data, such as any record-keeping, accounting or tax obligations imposed by applicable law; and
  • whether we have any legal basis to continue to process your personal data, such as your consent.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at .


In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.

It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are that we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.


We use automated decision making in our processing of your personal data. We use the following logic in our marketing automation platforms to profile your website activity, certain aspects of your company as well as certain personal data in our databases. This includes (but is not limited to) the application of profiling data to your personal profile. Personal data used to profile you will include your job title, seniority, and web page visits and other details about your employer. We use such automated decision making to determine whether we believe a particular marketing campaign or program is applicable to you.


Right to access, correct and delete

You can request from HEXCOM at any time access to information about which personal data HEXCOM processes about you and, if necessary, the correction or deletion of such personal data. Please note, however, that HEXCOM can or will delete your personal data only if there is no statutory obligation or prevailing right of HEXCOM to retain it.

Right to receive personal data back from HEXCOM

If HEXCOM uses your personal data based on your consent or to perform a contract with you, you can further request from HEXCOM a copy of the personal data you provided to HEXCOM. In this case, please contact and specify the information or processing activities to which your request relates, the format in which you would like to receive the personal data, and whether it should be sent to you or another recipient. HEXCOM will carefully consider your request and discuss with you how it can best be fulfilled.

Right to restrict

You can request from HEXCOM to restrict your personal data from further processing in any of the following events:

  • you state the personal data about you is incorrect, subject to the time HEXCOM requires to check the accuracy of the relevant personal data,
  • there is no legal basis for HEXCOM to process your personal data and you demand HEXCOM to restrict your personal data from further processing,
  • HEXCOM no longer requires your personal data, but you state you require HEXCOM to retain such data to claim or exercise legal rights or to defend against third party claims, or
  • in case you object to the processing of your personal data by HEXCOM based on HEXCOM’s legitimate interest (as further set out below), subject to the time required for HEXCOM to determine whether it has a prevailing interest or legal obligation in processing your personal data.

Right to object

If and to the extent HEXCOM is processing your personal data based on HEXCOM’s legitimate interest, specifically where HEXCOM pursues its legitimate interest to engage in direct marketing or to apply profiling in relation to direct marketing, you have the right to object to such a use of your personal data at any time. When you object to HEXCOM processing of your personal data for direct marketing purposes, HEXCOM will immediately cease to process your personal data for such purposes. In all other cases, HEXCOM will carefully review your objection and cease further use of the relevant information, subject to HEXCOM’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if HEXCOM requires the information for the establishment, exercise, or defense of legal claims.

Right to revoke consent

Wherever HEXCOM is processing your personal data based on your consent, you may at any time withdraw your consent by unsubscribing or giving us respective notice of withdrawal. In case of withdrawal, HEXCOM will not process personal data subject to this consent any longer unless legally required to do so. In case HEXCOM is required to retain your personal data for legal reasons your personal data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of personal data by HEXCOM up to the point in time of your withdrawal.

Right to lodge a complaint

 If you take the view that HEXCOM is not processing your personal data in accordance with the requirements in this Privacy Policy or under applicable data protection laws, you can at any time, to the extent required by applicable law, lodge a complaint with your locally relevant data protection authority, specifically when you are located in an EEA country, or with the data protection authority of the country which data protection authority has been selected as lead supervisory authority as set forth below.

If you would like to exercise any of the rights set out above, please contact us using the contact details set out in Section 2.


This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control third-party websites and are not responsible for any use of your personal data that is made by third-party websites.

15.    COOKIES

We use cookies and similar technologies on or via our website. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are called “session cookies”. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit our website.  

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of our website. For further information about cookies, including how to change your browser settings, please visit


Where HEXCOM is subject to privacy requirements in the EU, EEA, or other GDPR relevant countries:

Data Protection Officer for HEXCOM located at Christchurch, New Zealand. Written inquiries, requests or complaints may be addressed to

Where HEXCOM is subject to certain privacy requirements in the United States in the State of California, the following also applies:

Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. If you do not accept cookies, you may not be able to use certain functions and features of our site. This site does not allow third parties to gather information about you over time and across sites.

You have the right:

  • to request from HEXCOM access to your personal data that HEXCOM collects, uses, or discloses about you;
  • to request that HEXCOM delete personal data about you;
  • to opt-out of the use or disclosure of your sensitive personal information;
  • to non-discriminatory treatment for exercise of any of your data protection rights;
  • if you request access to your personal data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance

In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), HEXCOM does not and will not sell your personal data or otherwise permit the use of your information for any kind of cross-context behavioral advertising. In accordance with the verification process set forth in the CCPA, HEXCOM will require a more stringent verification process for deletion requests, or for personal data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your personal data.   If HEXCOM must request additional information from you outside of information that is already maintained by HEXCOM, HEXCOM will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

In addition to contacting HEXCOM at  you may also exercise your rights as follows:

  • You can also designate an authorized agent to submit requests to exercise your data protection rights to HEXCOM. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.